By setting up single sign-on (SSO) options from Blink into your other systems, you can help reduce the steps users must take each time they access pertinent information.
In this article:
Benefits of using SSO
Although there are many benefits to setting up SSO, we believe the most impactful factors are specifically relating to your user experience.
SSO to other systems helps users have easier access and better uptake of key systems and allows them not to have to remember multiple passwords for multiple systems. This translates into ease of use but also better security of those systems.
What is needed to set up an SSO?
Blink offers a self serve SSO configuration feature. To set up Single Sign-On (SSO) using Blink as the Identity Provider (IdP), meaning to go from Blink to another system, you need specific information from your Service Provider (SP). This guide will help you request the necessary details from your SP for a successful SSO configuration. Please note that we currently only support SAML 2.0.
Configuring SSO
Setting up SSOs can be managed from the “Single Sign-On” section on the Blink Admin dashboard.
Information required from the Service Provider (SP) | What is it | How to request |
Assertion Consumer Service (ACS) URL | The ACS URL is the endpoint on the SP where our platform sends the authentication response. | Ask your Service Provider to provide the ACS URL for their application. |
Entity ID | The Entity ID uniquely identifies the SP and ensures proper communication between the IdP and SP. | Ask your Service Provider to provide their Entity ID. |
Name ID Format | The Name ID format specifies the format of the identifier used to represent the user. | Confirm with your Service Provider which Name ID format they require (e.g., email address, persistent ID). |
Optional Information (if applicable):
Attribute Mapping:
What it is: Attributes are user details that the IdP sends to the SP.
How to request: Verify with your Service Provider which user attributes are required and their respective names.
Blink supports sending static/fixed values.
SAML 2.0 Metadata (optional):
What it is: Metadata includes configuration details about the SP necessary for establishing trust and communication.
How to request: Ask your Service Provider for their SAML 2.0 metadata file.
Here's an example template that can be modified for you to request this information from your service provider ✉️
Here's an example template that can be modified for you to request this information from your service provider ✉️
Subject: Request for SAML Configuration Details (Entity ID, ACS URL, NameID Format)
Hi [Service Provider's Team],
We’re currently configuring SAML 2.0 integration between Blink and your service and need a few key details to complete our setup:
Assertion Consumer Service (ACS) URL – the endpoint where Blink should send the authentication response
Entity ID – your service’s unique SAML identifier (usually a URL or URN) which will ensure proper communication between the IDP (Blink) and your service.
NameID format(s) you're expecting (e.g.
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress,transient,persistent, etc.).
Could you please send over those specifics at your earliest convenience? Here’s a quick checklist:
ACS URL:
Entity ID:
NameID format(s):
Attribute mapping: are there any required user attributes and, if so, what are their names?
SAML 2.0 Metadata: please send across the relevant metadata file
Once we have this, we can finish the metadata exchange and test SAML SSO.
Thanks in advance for your help!
Best regards,
[Your Name]
Using the Information:
Once you have gathered the required information, navigate to the Admin dashboard on Blink, then go to the Single Sign-On section (found on the left-hand panel). From there, select “Add SSO” and add the information provided by the SP.
Once you’ve created a new SSO configuration, you will be able to view the Metadata and Login URL.
You can create a new SSO Hub item by:
Navigating to the Hub management screen on the Admin dashboard,
Selecting “Add Content” and selecting “Single Sign-On”:
From here you’ll be able to:
Provide a name for the SSO item on the Hub,
Select a corresponding configuration,
Specify the Relay state (the URL the user redirected following a successful SSO request)
Manage the icon, section and which teams have access to the Hub item
